module.exports = function () {
  return function(req, res, next) {
    const origin = req.headers.origin
    if (origin && origin.match(/\.shehouse\.(com|lc|net|cn)$/)) {
      res.header("Access-Control-Allow-Origin", origin);
      res.header("Access-Control-Allow-Credentials", true);
      res.header("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE");
      res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    }
    if (req.method === 'OPTIONS') {
      res.status(200).end()
    } else {
      next()
    }
  }  
}